CVE-2010-0046, security issue in khtml
This commit is contained in:
parent
93ce084af6
commit
d693c5a9f8
|
@ -0,0 +1,12 @@
|
|||
diff -up kdelibs-4.7.3/khtml/css/cssparser.cpp.orig kdelibs-4.7.3/khtml/css/cssparser.cpp
|
||||
--- kdelibs-4.7.3/khtml/css/cssparser.cpp.orig 2011-11-07 19:14:53.000000000 +0100
|
||||
+++ kdelibs-4.7.3/khtml/css/cssparser.cpp 2011-11-07 19:15:21.000000000 +0100
|
||||
@@ -2283,7 +2283,7 @@ bool CSSParser::parseFontFaceSrc()
|
||||
Value* a = args->current();
|
||||
uriValue = 0;
|
||||
parsedValue = new CSSFontFaceSrcValueImpl( domString( a->string ), true /*local src*/ );
|
||||
- } else if (!strcasecmp(domString(val->function->name), "format(") && allowFormat && uriValue) {
|
||||
+ } else if (!strcasecmp(domString(val->function->name), "format(") && allowFormat && uriValue && (args->current()->unit == CSSPrimitiveValue::CSS_STRING || args->current()->unit == CSSPrimitiveValue::CSS_IDENT)) {
|
||||
expectComma = true;
|
||||
allowFormat = false;
|
||||
uriValue->setFormat( domString( args->current()->string ) );
|
10
kdelibs.spec
10
kdelibs.spec
|
@ -23,7 +23,7 @@
|
|||
|
||||
Summary: KDE Libraries
|
||||
Version: 4.7.3
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
|
||||
Name: kdelibs
|
||||
Epoch: 6
|
||||
|
@ -129,6 +129,10 @@ Patch51: kdelibs-4.6.2-uri_mimetypes.patch
|
|||
## security fix
|
||||
# Not Upstreamed? why not ? -- Rex
|
||||
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
|
||||
# CVE-2010-0046, The Cascading Style Sheets (CSS) implementation in khtml/WebKit
|
||||
# allows remote attackers to execute arbitrary code or cause a denial of service
|
||||
# (memory corruption and application crash) via crafted format arguments.
|
||||
Patch201: kdelibs-4.7.3-CVE-0046.patch
|
||||
|
||||
## Fedora specific patches
|
||||
# make forcefully hal-free build
|
||||
|
@ -322,6 +326,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
|
|||
|
||||
# security fixes
|
||||
%patch200 -p1 -b .CVE-2009-2702
|
||||
%patch201 -p1 -b .CVE-2010-0046
|
||||
|
||||
# Fedora patches
|
||||
%patch300 -p1 -b .halectomy
|
||||
|
@ -571,6 +576,9 @@ rm -rf %{buildroot}
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon Nov 07 2011 Than Ngo <than@redhat.com> - 4.7.3-3
|
||||
- CVE-2010-0046, security issue in khtml
|
||||
|
||||
* Fri Nov 04 2011 Rex Dieter <rdieter@fedoraproject.org> 4.7.3-2
|
||||
- no_libkactivities
|
||||
|
||||
|
|
Loading…
Reference in New Issue